This Page Is Inserted by IFW Operations 
and is not a part of the Official Record 

BEST AVAILABLE IMAGES 

Defective images within this document are accurate representations of 
the original documents submitted by the applicant. 

Defects in the images may include (but are not limited to): 

• BLACK BORDERS 

• TEXT CUT OFF AT TOP, BOTTOM OR SIDES 

• FADED TEXT 

• ILLEGIBLE TEXT 

• SKEWED/SLANTED IMAGES 

• COLORED PHOTOS 

• BLACK OR VERY BLACK AND WHITE DARK PHOTOS 

• GRAY SCALE DOCUMENTS 



IMAGES ARE BEST AVAILABLE COPY. 



As rescanning documents will not correct images, 
please do not report the images to the 
Image Problem Mailbox. 



Matter No.: 13906-138001 Page 1 of 14 

Applicant(s): Matthias Vogel et al. 

DATA STRUCTURE FOR ACCESS CONTROL 




Matter No.: 13906-138001 Page 2 of 14 

Applicant(s): Matthias Vogel et al. 

DATA STRUCTURE FOR ACCESS CONTROL 



111 O UL 

GO CO Z 

DOS 
CD Q 



CM 

eg 



CM 
C\l 

CNJ 



CO 
CM 
CM 



CO 

eg 



CM 
CM 



CM 



v. 




CO O UJ 

CO UJ ll 

uj F -j £ 

< 0 Q 



r 



Q 
UJ 



0£ 
LU 



O 



CO CD 
CO 



a: 

LU 



UJ 

Q 



UJ 
CO 
3 



01 
UJ 



UJ 

a 



CO Q LU 

CO g [I 

HI t ^ 

° Z £ 

< o g 



z 

LU 
Q 



t 



o 

CM 



Matter No.: 13906-138001 Page 3 of 14 

Applicant(s): Matthias Vogel et al. 

DATA STRUCTURE FOR ACCESS CONTROL 



300 



START 



310 



RECEIVE ACCESS CONTROL RULE 



320 



BASED ON CHARACTERISTIC IDENTIFIED IN THE ACCESS CONTROL RULE, 
IDENTIFY USERS THAT HAVE THE IDENTIFIED CHARACTERISTIC 



330 



BASED ON CHARACTERISTIC IDENTIFIED IN THE ACCESS CONTROL RULE, 
IDENTIFY BUSINESS OBJECTS THAT HAVE THE IDENTIFIED 
CHARACTERISTIC 



340 



GENERATE ACCESS CONTROL INFORMATION TO ALLOW EACH USER 
HAVING THE IDENTIFIED CHARACTERISTIC TO ACCESS EACH BUSINESS 
OBJECT HAVING THE IDENTIFIED CHARACTERISTIC 



350 



STORE GENERATED ACCESS CONTROL INFORMATION 



i , 



END 



FIG. 3 



Matter No.: 13906-138001 Page 4 of 14 

Applicant(s): Matthias Vogel et al. 

DATA STRUCTURE FOR ACCESS CONTROL 



400 

410- 



START 



RECEIVE USER IDENTIFIER AND BUSINESS OBJECT IDENTIFIER 



415 



420 



i 



RECEIVE ACTION TO BE PERFORMED ON BUSINESS OBJECT 



T 



SEARCH ACCESS CONTROL INFORMATION FOR USER IDENTIFIER AND 
BUSINESS OBJECT IDENTIFIER 



425- 



NO 



FIND ACCESS CONTROL 
INFORMATION PERMITTING USER 
[O ACCESS BUSINESS OBJECT^ 



YES 



DENY ACCESS TO BUSINESS OBJECT 



430 



FIG. 4 



450^ 

1 



■435 



PERMIT ACCESS TO BUSINESS 
OBJECT 



-440 



DETERMINE WHETHER ACTION IS 
PERMITTED 



DENY ACTION ON 
BUSINESS OBJECT 



I 



-445 



NO 



ACTION 
N PERMITTED? ,S 



455 




Matter No.: 13906-138001 Page 5 of 14 

Applicant(s): Matthias Vogel et al. 

DATA STRUCTURE FOR ACCESS CONTROL 



o 
o 
m 



in 




CO 
CO 

in 



LO 

CO 
LO 





r 



CM 
CO 
LO 



Q 
LU 

H L* 
O LU 
< tL 



O 

H 

CO 

01 
LU 
H 

1 

< 
X 

o 



CL 

HI & 



CO 
CO . 

^ LU LU 
^ Q- 

CD O r 




o 

Q 
< 
LU 

a: 



< 

LU 

cr: 
< 

CO 
LU 
_l 
< 
CO 



< 

CL 

o 

(D 
a: 

LU 
CO 
ID 



lu 



CO 

o 



Matter No.: 13906-138001 Page 6 of 14 

Applicant(s): Matthias Vogel et al. 

DATA STRUCTURE FOR ACCESS CONTROL 



600 



START 



RECEIVE INDICATION OF ACCESS CONTROL RULE TO BE MODIFIED 



DISPLAY ACCESS CONTROL RULE 



RECEIVE ACCESS CONTROL RULE MODIFICATION 



MODIFY ACCESS CONTROL INFORMATION 
FOR MODIFIED ACCESS CONTROL RULE 



STORE GENERATED ACCESS CONTROL INFORMATION 



T 



END 



FIG. 6 



Matter No.: 13906-138001 Page 7 of 14 

Applicant(s): Matthias Vogel et al. 

DATA STRUCTURE FOR ACCESS CONTROL 




(!) 



Matter No.: 13906-138001 Page 8 of 14 

Applicant(s): Matthias Vogel et al. 

DATA STRUCTURE FOR ACCESS CONTROL 




I 
I 



£< 
Li a: 

cr £ 
w <-> 

3 



00 
LO 
00 



Q 
LU 



LU 
0. 



01 
O UJ 

z 

LU LU 
H Q 

o 
i 

H 
LU 

2 



2 

< 
I 

o 



9>fc 

o y 
a: u_ 
o F 
z 

£ LU 

co 9 



a: 

LU 

uj E 

LU 

Q 



CD 
00 



in 

CO 



CO 
CO 



T 

CN 

to 

CO 



00 



CO < 

<fl h 

lu O ft] Cr 



O LU 



LU 



CO 



a 
o 

X 
H 
LU 



log 
q: co j- 

LU CO O 
H LU < 
LU Z £ 
^CO< 

m O 



O 

□ 
O 
X 



LU 



LU 

LU LU 
2 Q 



g 

H 

CO 

LU 

LU 

"I 

< 
X 

o 



g 

H 

CO 

q: 

LU LU 

< 
X 

o 



g lu 

H- LL 

52 F 

£ Z 
LU LU 
H Q 

2 o 
< x 

St 

2 



t 



o 

LO 
00 



LO 
00 



CO 
LO 
00 



in 

LO 

oo 



CO 
LO 
00 



LO 
00 



Matter No.: 13906-138001 Page 9 of 14 

Applicant(s): Matthias Vogel et al. 

DATA STRUCTURE FOR ACCESS CONTROL 



910 



915 



920 



925 
930 



932 



960 



970 



START 



900 



RECEIVE BUSINESS OBJECT IDENTIFIER 



DETERMINE OBJECT TYPE THAT IS ASSOCIATED WITH BUSINESS OBJECT IDENTIFIER 



IDENTIFY ACCESS CONTROL RULES FOR THE OBJECT TYPE ASSOCIATED WITH THE 
BUSINESS OBJECT IDENTIFIER 



SELECT A PARTICULAR ACCESS CONTROL RULE 



DETERMINE METHOD TO DETERMINE BUSINESS OBJECT CHARACTERISTIC 



T 



DETERMINE BUSINESS OBJECT CHARACTERISTIC FOR THE ACCESS CONTROL RULE 



950 




940 



GENERATE ACCESS 
CONTROL GROUP 
IDENTIFIER 



IDENTIFY ACCESS CONTROL GROUP 
IDENTIFIER 





r 


GENERATE ACCESS 
CONTROL GROUP 
INFORMATION 




t 


STORE ACCESS CONTROL 
GROUP INFORMATION 



GENERATE ACCESS CONTROL LIST INFORMATION FOR BUSINESS OBJECT 



I 



STORE ACCESS CONTROL LIST INFORMATION 



END 




YES 



980 



FIG. 9 



Matter No.: 13906-138001 Page 10 of 14 

Applicant(s): Matthias Vogel et al. 

DATA STRUCTURE FOR ACCESS CONTROL 



START 



1000 



1010 



RECEIVE USER IDENTIFIER 



1015 



1020 



DETERMINE USER GROUP THAT IS ASSOCIATED WITH USER IDENTIFIER 



IDENTIFY ACCESS CONTROL RULES FOR THE USER GROUP ASSOCIATED WITH THE USER 

IDENTIFIER 



1025 



SELECT A PARTICULAR ACCESS CONTROL RULE 



1030 



1032 



DETERMINE METHOD TO DETERMINE USER CHARACTERISTIC FOR ACCESS CONTROL RULE 



DETERMINE USER CHARACTERISTIC FOR THE ACCESS CONTROL RULE 




NO 



1040 



1045 



GENERATE ACCESS 
CONTROL GROUP 
IDENTIFIER 



GENERATE ACCESS 
CONTROL GROUP 
INFORMATION 



IDENTIFY ACCESS CONTROL GROUP 
IDENTIFIER 



1060 



1047 



STORE ACCESS CONTROL 
GROUP INFORMATION 



GENERATE USER CONTEXT INFORMATION FOR USER AND ACCESS CONTROL GROUP 



1070 



STORE USER CONTEXT INFORMATION 



END 




YES 



FIG. 10 



Matter No.: 13906-138001 Page 1 1 of 14 

Applicant(s): Matthias Vogel et al. 

DATA STRUCTURE FOR ACCESS CONTROL 



1110< 



1115 < 



1120 < 



1111 — ^ 


1100 

1112 — ^ 


1114 


USER IDENTIFIER 


USER GROUP IDENTIFIER 


USER NAME 


User A 


Sales Employee 


Allan Smith 


User B 


Manager 


Paul Jones 


User C 


Sales Employee 


Janine Hurley 



1116 



J 



1119 



1118 



USER IDENTIFIER 


SALES TERRITORY 


User A 


South East 


User B 


South East 


UserC 


NorthWest 



1121 



1123- 



< 1115A 

< 1115B 

< 1115C 



1125 



SALES ORDER IDENTIFIER 


SALES TERRITORY 


Sale A 


SouthEast 


SaleB 


SouthEast 


SaleC 


SouthEast 


Sale D 


NorthWest 



■1120A 
-1120B 
-1120C 
-1120D 



«*-1110A 
«<-1110B 
<-1110C 



FIG. 11A 



Matter No.: 13906-138001 Page 12 of 14 

Applicant(s): Matthias Vogel et al. 

DATA STRUCTURE FOR ACCESS CONTROL 



3 

in 



O 



o 

o 
in 



I I i 





i 


La 




* 

LU 


o 


o 




Q_ 


LU 


LU 


LU 




~D 






00 


CO 


LU 


|— 


O 


O 




r \ 


CO 


CO 




LU 


LU 


LU 


^ LU 




—1 


—I 






< 


< 




o 


CO 


CO 


LU O 


Q 








LU 

tz 


LU 








o 








z 


G 




01 h 


< 


< 




LU o 


I 


LU 


LU 


0- < 


o 


01 








CM 


CO 




o 


O 


o 




"D 


"D 


"D 




o 


O 


O 






SZ 


sz 


01 01 
UJ Q UJ 




rMel 


rMel 




<D 


0 


0 


t£ X EE 


art 


o 

CO 


o 

CO 


JEW 


har 


har 


har 




O 


O 


O 










RGROU 
ITIFIER 


LES 

PLOYEE 


AGER 


LOYEE 


LU ffj 


z 


0. 




< 






CO LU 


IE 


LU 


01 








LU 








LL 












CN 


co 




O 


O 


O 




Q) 


<D 


CD 


3 LLI 




3 




oi 


01 





1^. 

CD 



LO 
CO 



A 



CO 
CD 



CO 



K i- 

UJ LU 

O O * 

SIS 

CO < 
ID X 
CD O 



LU 



LU 



o 



If 

Si" 



LU 
Q 

O 
H 

Q 
O 



uj 

< 
i 

o 



01 
LU 
LU CO 
^ 3 



O 

CO 

01 
LU 
H 
O 

& 

< 

o 



LU 
CL 



01 _ 
LU 01 
I— _ LU 

m 

<r h z 

XLU^j 



< 

o 

CO 



CO 

o 

CO 



o 
0 

9 

O 
LL 

£^ 

O 

» 

i— 

(1) 
H 
to 
a) 

CO 
CO 
CD 

O 



o 

CD 

'IS 
o 

LL 

o 

• 4—1 
t 

CD 
I— 
CO 
0 
CO 

CO 
■+-» 

0 



CD 
CO 



o 
E 

S 

CO 

0 

CO 
CO 

-«— » 

CD 

O 



CO 

0 



S 

CO 
0) 

CO 
CO 

8 

'sz 

CD 

X 

-♦— ■ 
0 

O 



>- 
a: 
o 
cot 

LU 01 
-J 01 
< LU 
CO I- 



>- 
01 

o 

cot 

< LU 
CO H 



o 
o 

0 



E 

CO 



CN 

o 
*o 
o 
sz 

0 



0 
o 

CO 

o 



8 



O 
o 

CO 



i i 1 



Matter No.: 13906-138001 Page 13 of 14 

Applicant(s): Matthias Vogel et al. 

DATA STRUCTURE FOR ACCESS CONTROL 



1200 



1241 



1242- 





f 


USER IDENTIFIER 


ACCESS CONTROL 
GROUP IDENTIFIER 




1240<; 




User A 


ACgroupl 


< — 1240A 




UserB 


ACgroup2 


< — 1240B 






UserC 


ACgroup3 


<— 1240C 



1260 



1251^ 


7 ' ^1253 

1270-^ / 


^1255 






ACCESS CONTROL 
GROUP IDENTIFIER 


CHARACTERISTIC 


ACCESS CONTROL 

Dl II C inrMTICICD 

RULE lUbN 1 IrlhK 






ACgroupl 


Sales Territory = South East 


Kuieu 1 


< — 1250A 




ACgroup2 


Sales Territory = South East 


Ruieu2 


< — 1250B 




ACgroup3 


Sales Territory = North West 


Ruleul 


<^1250C 




ACgroup4 


Sales Territory = NorthWest 


Kule02 


< — 1250D 


75^ 


1261 




1263 — ^ 


1265^ 






ACCESS CONTROL 
GROUP IDENTIFIER 


BUSINESS OBJECT 
IDENTIFIER 


PERMITTED ACTION 






ACgroupl 


Sale A 


Read, Write 


<*-1260A 




ACgroup2 


Sale A 


Read 


<«— 1260B 




ACgroupl 


Sale B 


Read, Write 


<-1260C 




ACgroup2 


Sale B 


Read 


<- 1260D 




ACgroupl 


Sale C 


Read, Write 


<- 1260E 




ACgroup2 


SaleC 


Read 


<- 1260F 




ACgroup3 


Sale D 


Read, Write 


<«— 1260G 


V 


ACgroup4 


SaleD 


Read 


««— 1260H 



FIG. 12 



Matter No.: 13906-138001 Page 14 of 14 

Applicant(s): Matthias Vogel et al. 

DATA STRUCTURE FOR ACCESS CONTROL 



1310 

VJ 



START 



1300 



RECEIVE USER IDENTIFIER AND BUSINESS OBJECT IDENTIFIER 



1315 



I 



RECEIVE ACTION TO BE PERFORMED ON BUSINESS OBJECT 



1317 



I 



ACCESS ACCESS CONTROL LIST INFORMATION 
AND USER CONTEXT INFORMATION 



1320 



DETERMINE WHETHER AN ACCESS CONTROL GROUP IDENTIFIER IS 
ASSOCIATED WITH BOTH THE RECEIVED USER IDENTIFIER AND THE 
RECEIVED BUSINESS OBJECT IDENTIFIER 



1330 



1325 



DENY ACCESS TO 
BUSINESS OBJECT 




1335- 



YES 



PERMIT ACCESS TO 
BUSINESS OBJECT 



1340- 



DETERMINE WHETHER 
ACTION IS PERMITTED 



i _ 



1350 



-1345 



! DENY ACTION ON BUSINESs LNQ *r'~ ~?Ji2iL« 
1 OBJECT ? ^.PERMITTED? 



1355 



YES 



PERMIT ACTION ON BUSINESS 
OBJECT 



END 



FIG. 13 



